cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-6807,https://securityvulnerability.io/vulnerability/CVE-2024-6807,Cross Site Scripting Vulnerability in Student Study Center Desk Management System 1.0,A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /sscdms/classes/Users.php?f=save of the component HTTP POST Request Handler. The manipulation of the argument firstname/middlename/lastname/username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.,Sourcecodester,Student Study Center Desk Management System,4.1,MEDIUM,0.0008200000156648457,false,,false,false,true,2024-07-17T02:31:05.000Z,true,false,false,,2024-07-17T03:31:05.059Z,0
CVE-2024-6732,https://securityvulnerability.io/vulnerability/CVE-2024-6732,SQL Injection Vulnerability in SourceCodester Student Study Center Desk Management System,"A serious SQL injection vulnerability has been identified in version 1.0 of the SourceCodester Student Study Center Desk Management System. This vulnerability resides in the /sscdms/classes/Users.php file, specifically in the save function, where the manipulation of the 'id' argument can lead to unauthorized SQL commands being executed on the backend database. As a result, attackers can potentially gain access to sensitive user information and execute arbitrary code remotely. Given that this exploit has already been publicly disclosed, it is crucial for users of this system to take immediate action to secure their installations and safeguard their data.",Sourcecodester,Student Study Center Desk Management System,8.8,HIGH,0.0007600000244565308,false,,false,false,true,2024-07-14T22:15:00.000Z,true,false,false,,2024-07-14T23:15:00.000Z,0
CVE-2024-6731,https://securityvulnerability.io/vulnerability/CVE-2024-6731,SQL Injection Vulnerability in SourceCodester Student Study Center Desk Management System,"A serious SQL injection vulnerability has been identified in the SourceCodester Student Study Center Desk Management System, specifically in the Master.php file when handling requests to save student data. This flaw allows attackers to manipulate the 'id' argument, enabling them to execute malicious SQL queries on the database. The vulnerability can be exploited remotely, posing a significant risk to data security as it may allow unauthorized access to sensitive information. Immediate action is recommended to assess and mitigate potential risks associated with this vulnerability.",Sourcecodester,Student Study Center Desk Management System,8.8,HIGH,0.0007600000244565308,false,,false,false,true,2024-07-14T21:15:00.000Z,true,false,false,,2024-07-14T22:15:00.000Z,0
CVE-2023-2152,https://securityvulnerability.io/vulnerability/CVE-2023-2152,SourceCodester Student Study Center Desk Management System index.php file inclusion,"A file inclusion vulnerability exists within the SourceCodester Student Study Center Desk Management System 1.0. This issue arises from improper handling within the index.php file, specifically through unsanitized input in the 'page' argument. An attacker can exploit this vulnerability remotely, potentially leading to unauthorized file access and execution. The public disclosure of this exploit highlights the urgency for users to apply necessary patches and security measures to safeguard their systems.",Sourcecodester,Student Study Center Desk Management System,9.8,CRITICAL,0.0038900000508874655,false,,false,false,false,,,false,false,,2023-04-18T14:15:00.000Z,0
CVE-2023-2151,https://securityvulnerability.io/vulnerability/CVE-2023-2151,SourceCodester Student Study Center Desk Management System manage_student.php sql injection,"A vulnerability exists in the Desk Management System's manage_student.php file, allowing an attacker to manipulate the argument 'id' and perform SQL Injection attacks remotely. This can lead to unauthorized access to sensitive data or further exploits. Public disclosure has raised awareness, making it imperative for users to inspect their systems for potential vulnerabilities.",SourceCodester,Student Study Center Desk Management System,9.8,CRITICAL,0.0026400000788271427,false,,false,false,false,,,false,false,,2023-04-18T13:15:00.000Z,0
CVE-2023-1567,https://securityvulnerability.io/vulnerability/CVE-2023-1567,SourceCodester Student Study Center Desk Management System assign.php cross site scripting,A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/assign/assign.php. The manipulation of the argument sid leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223559.,SourceCodester,Student Study Center Desk Management System,6.1,MEDIUM,0.0007999999797903001,false,,false,false,false,,,false,false,,2023-03-22T14:15:00.000Z,0
CVE-2023-1568,https://securityvulnerability.io/vulnerability/CVE-2023-1568,SourceCodester Student Study Center Desk Management System GET Parameter index.php cross site scripting,A vulnerability classified as problematic has been found in SourceCodester Student Study Center Desk Management System 1.0. Affected is an unknown function of the file /admin/reports/index.php of the component GET Parameter Handler. The manipulation of the argument date_to leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223560.,Sourcecodester,Student Study Center Desk Management System,5.4,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2023-03-22T14:15:00.000Z,0
CVE-2023-1563,https://securityvulnerability.io/vulnerability/CVE-2023-1563,SourceCodester Student Study Center Desk Management System assign.php sql injection,"A vulnerability has been identified in the SourceCodester Student Study Center Desk Management System 1.0, specifically within the /admin/assign/assign.php file. This issue arises due to improper handling of the 'id' parameter, allowing attackers to perform SQL injection. By manipulating this input, an attacker can execute arbitrary SQL queries against the database, leading to unauthorized data access or potential compromise of the system. This vulnerability can be exploited remotely, making it a significant concern for users of this management system.",SourceCodester,Student Study Center Desk Management System,9.8,CRITICAL,0.002139999996870756,false,,false,false,false,,,false,false,,2023-03-22T13:15:00.000Z,0
CVE-2023-1468,https://securityvulnerability.io/vulnerability/CVE-2023-1468,SourceCodester Student Study Center Desk Management System Report sql injection,A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=reports&date_from=2023-02-17&date_to=2023-03-17 of the component Report Handler. The manipulation of the argument date_from/date_to leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-223327.,Sourcecodester,Student Study Center Desk Management System,6.3,MEDIUM,0.0041600000113248825,false,,false,false,false,,,false,false,,2023-03-17T12:15:00.000Z,0
CVE-2023-1467,https://securityvulnerability.io/vulnerability/CVE-2023-1467,SourceCodester Student Study Center Desk Management System POST Parameter path traversal,"A vulnerability exists in the SourceCodester Student Study Center Desk Management System, specifically in the Master.php file where the DELETE image function processes input. The issue arises from improper handling of the 'path' argument, allowing attackers to manipulate input and execute path traversal attacks remotely. This vulnerability could lead to unauthorized access to sensitive files and data, highlighting the need for immediate attention and remediation.",SourceCodester,Student Study Center Desk Management System,9.8,CRITICAL,0.004259999841451645,false,,false,false,false,,,false,false,,2023-03-17T12:15:00.000Z,0
CVE-2023-1466,https://securityvulnerability.io/vulnerability/CVE-2023-1466,SourceCodester Student Study Center Desk Management System view_student sql injection,"A vulnerability exists in the Student Study Center Desk Management System that allows for SQL injection through the 'view_student' function. By manipulating the 'id' argument, an attacker can input malicious SQL code, potentially leading to unauthorized data access or manipulation. This vulnerability can be exploited remotely, posing a significant risk to the integrity of the system. It is crucial for users to patch their installations to mitigate this security issue.",SourceCodester,Student Study Center Desk Management System,9.8,CRITICAL,0.0041600000113248825,false,,false,false,false,,,false,false,,2023-03-17T12:15:00.000Z,0
CVE-2023-1407,https://securityvulnerability.io/vulnerability/CVE-2023-1407,SourceCodester Student Study Center Desk Management System manage_user.php sql injection,"An SQL injection vulnerability exists in the SourceCodester Student Study Center Desk Management System 1.0. This flaw is located in the /admin/user/manage_user.php file, where improper validation of the 'id' parameter allows an attacker to construct malicious SQL queries. As a result, this vulnerability poses serious risks, enabling unauthorized database access and manipulation. The issue is public knowledge and can be exploited remotely, highlighting the need for urgent remediation. For further technical details, consult VDB-223111.",SourceCodester,Student Study Center Desk Management System,7.2,HIGH,0.0026100000832229853,false,,false,false,false,,,false,false,,2023-03-15T08:15:00.000Z,0